Lucene search
+L

476 matches found

redhat
redhat
added 2026/07/07 7:24 p.m.7 views

nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers

A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngxhttpproxyv2module or ngxhttpgrpcmodule with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart ...

9.2CVSS6.3AI score0.03552EPSS
Exploits1References5
cvelist
cvelist
added 2026/06/27 9:22 a.m.36 views

CVE-2026-49414 ASLR bypass for setuid executables via procctl(2)

The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disable was still in effect at the point where the base address was chosen. An unprivileged local user ca...

0.00106EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/27 9:22 a.m.13 views

CVE-2026-49414

The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disable was still in effect at the point where the base address was chosen. An unprivileged local user ca...

5.8AI score0.00106EPSS
Exploits0References2
cve
cve
added 2026/06/27 9:22 a.m.29 views

CVE-2026-49414

CVE-2026-49414 is a local ASLR bypass in FreeBSD: the ELF image activator clears per-process ASLR preferences for setuid binaries after computing the PIE base, allowing an unprivileged local user to disable ASLR for a setuid PIE binary via procctl(2) before execve(2). This makes exploitation of a...

7.8CVSS5.8AI score0.00106EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/06/22 5:47 a.m.5 views

BIT-NGINX-GATEWAY-2026-42530 NGINX Open-Source ngx_http_v3_module vulnerability

NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

9.2CVSS6.1AI score0.03225EPSS
Exploits3References5
susecve
susecve
added 2026/06/19 1:52 a.m.9 views

SUSE CVE-2026-42530

NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

8.1CVSS6.3AI score0.03225EPSS
Exploits3References3
osv
osv
added 2026/06/17 3:16 p.m.1 views

CVE-2026-42530

NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

9.2CVSS7.1AI score0.03225EPSS
Exploits3References4
debiancve
debiancve
added 2026/06/17 2:4 p.m.13 views

CVE-2026-42530

NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

9.2CVSS5.8AI score0.03225EPSS
Exploits3
vulnrichment
vulnrichment
added 2026/06/17 2:4 p.m.8 views

CVE-2026-42530 NGINX Open-Source ngx_http_v3_module vulnerability

NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

9.2CVSS5.8AI score0.03225EPSS
Exploits3References1
euvd
euvd
added 2026/06/17 2:4 p.m.11 views

EUVD-2026-37717

NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

9.2CVSS5.7AI score0.03225EPSS
Exploits3References1
cve
cve
added 2026/06/17 2:4 p.m.333 views

CVE-2026-42055

CVE-2026-42055 affects NGINX Plus and NGINX Open Source via the ngx_http_proxy_v2_module and ngx_http_grpc_module. A remote, unauthenticated attacker can exploit scenarios where proxy_http_version 2 or grpc_pass is used, ignore_invalid_headers is off, and large_client_header_buffers is set to mul...

9.2CVSS6AI score0.03552EPSS
Exploits1References10Affected Software9
redhat
redhat
added 2026/06/16 2:45 p.m.13 views

rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding

A flaw was found in rsync. An authenticated daemon peer can exploit an integer overflow vulnerability in the compressed-token decoder. By carefully manipulating the compressed-token, a malicious sender can trigger an overflow, leading to remote memory disclosure. This allows an attacker to leak...

8.1CVSS5.4AI score0.0078EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/16 10:16 a.m.34 views

CVE-2026-10828

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

6.9CVSS0.0031EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/16 10:16 a.m.10 views

CVE-2026-10828

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

6.9CVSS5.3AI score0.00472EPSS
Exploits0References1
packetstormnews
packetstormnews
added 2026/06/09 12:0 a.m.9 views

FreeBSD Security Advisory - FreeBSD-SA-26:32.elf

FreeBSD Security Advisory - The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disable was still in effect at the point where the base address was chosen...

5.5AI score0.00106EPSS
Exploits0
freebsd_advisory
freebsd_advisory
added 2026/06/09 12:0 a.m.10 views

FreeBSD-SA-26:32.elf

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:32.elf Security Advisory The FreeBSD Project Topic: ASLR bypass for setuid executables via procctl2 Category: core Module: kernel Announced: 2026-06-09...

7.8CVSS5.8AI score0.00106EPSS
Exploits0
redhatcve
redhatcve
added 2026/06/05 7:11 p.m.11 views

CVE-2026-8711

NGINX JavaScript has a vulnerability when the jsfetchproxy directive is configured with at least one client-controlled NGINX variable for example, $http, $arg, $cookie and a location invoking the ngx.fetch operation from NGINX JavaScript. An unauthenticated attacker can exploit this vulnerability...

9.8CVSS6.1AI score0.00889EPSS
Exploits0References1
osv
osv
added 2026/06/01 11:47 a.m.9 views

BIT-NGINX-2026-9256 NGINX ngx_http_rewrite_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

9.2CVSS6.2AI score0.04261EPSS
Exploits3References14
susecve
susecve
added 2026/05/23 1:30 a.m.33 views

SUSE CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

8.1CVSS6.2AI score0.04261EPSS
Exploits3References11
osv
osv
added 2026/05/22 3:16 p.m.12 views

ALPINE-CVE-2026-9256

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string that references...

9.2CVSS6.2AI score0.04261EPSS
Exploits3References1
Rows per page
Query Builder